USB drives used to rob cash machines

Cyber-thieves used USB drives to infect cash machines with malware and steal from them earlier this year, researchers have revealed.

Exact details of the robberies are not yet clear, with neither the names of the researchers nor the bank disclosed.

What is known is that the criminals cut holes in the cash points in order to access USB ports to insert the drives before covering up the holes. The malware loaded onto the cash machines then allowed the gang to steal the money with complete impunity.

According to the researchers, the criminals used two separate codes in order to access the money, apparently in an effort to prevent any single member of the gang from using the drives by themselves.

The machines, like many of the world's ATMs, ran off Windows XP. This meant that the cash points automatically loaded what was stored on the USB drive when they were inserted.

"For sure, they had to have a profound knowledge of ATMs," said one of the researchers. "Most likely they actually had one to test. Either they stole one and reverse engineered the cash client, or most likely, they had someone on the inside."